* Jesus Sanchez <[EMAIL PROTECTED]> [2008-05-16 17:45]:
> Ok, now everything works as expected, just for a mistake.
>
> When I did changes on the /etc/pf.conf, I relaunched the PF
> just with:
>
> # pfctl -d
> # pfctl -e
>
> I thought that was enough to make the changes affect pf, but NOT,

of course not. you disabled pf, then enabled it again. no ruleset reload.

> I needed to use this instead with my actual config:
>
> # pfctl -d
> # pfctl -ef /etc/pf.conf

that is not the right way either. you disable pf, then load a new ruleset
and enable it again. the whole disable-enable dance is useless and leaves
a timeframe where no firewalling takes place, but traffic flows.
you just do pfctl -f /etc/pf.conf, it does the right thing for you (load
new ruleset, atomically switch to it, ditch old one)

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
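
The reload advice in this reply, written out as an added example that is not part of the original thread: a small wrapper that syntax-checks the ruleset with `pfctl -n` and then loads it with `pfctl -f`, never disabling pf. The function name `pf_reload` and the `PFCTL` override variable are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. PFCTL and pf_reload are hypothetical
# names; PFCTL lets the pfctl binary be overridden (e.g. for a dry run).
PFCTL="${PFCTL:-pfctl}"

# pf_reload [ruleset]
#   0  ruleset parsed and loaded
#   1  ruleset file unreadable   (pfctl never invoked)
#   2  syntax check failed       (running ruleset never touched)
#   3  pfctl -f itself failed
pf_reload() {
    ruleset="${1:-/etc/pf.conf}"

    if [ ! -r "$ruleset" ]; then
        echo "pf_reload: cannot read $ruleset" >&2
        return 1
    fi

    # -n: parse the rules but do not load them, so a typo in the file
    # is caught before anything about the live firewall changes.
    if ! "$PFCTL" -nf "$ruleset"; then
        echo "pf_reload: syntax check failed, nothing loaded" >&2
        return 2
    fi

    # Deliberately no "pfctl -d" / "pfctl -e" around the load: -f alone
    # loads the new ruleset and switches to it in one step, so there is
    # no window in which traffic flows with no filtering in place.
    if ! "$PFCTL" -f "$ruleset"; then
        echo "pf_reload: load failed" >&2
        return 3
    fi
    return 0
}
```

Run as root with `pf_reload` for `/etc/pf.conf`, or pass another ruleset path as the first argument.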

